Is it possible to access an Azure Managed Disk from public network if it is attached to a VM?

Mulla, Tabrez 0 Reputation points
2024-07-16T10:20:40.4666667+00:00

Hello,

I have come across a setting for Disks that are attached to Azure VMs and am trying to understand a bit more about it.

There are three different networking options available for disks; they are:

Enable public access from all networks

Disable public access and enable private access

Disable public and private access

The Microsoft recommended setting is to "Disable public access and enable private access" which is the most secure option.

I would like to understand a bit more about the default setting as well which is "Enable public access from all networks".

My research so far has led me to believe that if a disk has been set to "Enable public access from all networks", the disk can be accessed from the public network ONLY IF it is not attached to a VM. Is my understanding correct?

Also, if the VM has no public IP, the VM and its allocated disks are not on the internet, so this also suggests that the setting is not doing any harm since the disk cannot be reached.

I would really appreciate it if there is Microsoft documentation suggesting this is the case, and if not, please do correct me.


1 answer

  1. Nehruji R 4,376 Reputation points Microsoft Vendor
    2024-07-16T12:36:40.3533333+00:00

    Hello Mulla, Tabrez,

    Greetings! Welcome to Microsoft Q&A Platform.

    When a disk is set to “Enable public access from all networks,” it can indeed be accessed from the public network if it is not attached to a VM. However, if the VM to which the disk is attached does not have a public IP, the disk is not exposed to the internet, thus reducing the risk of unauthorized access.

    Public Access: If a disk is set to “Enable public access from all networks,” it can be accessed publicly only when it is not attached to a VM. Once attached to a VM, the disk inherits the network settings of the VM.

    VM Without Public IP: If the VM does not have a public IP, the VM and its attached disks are not accessible from the internet. This means that even if the disk has public access enabled, it cannot be reached from the public network.

    Microsoft’s Recommendation: Disabling public access and enabling private access is the most secure option. This setting ensures that the disk can only be accessed through private endpoints within your virtual network, providing an additional layer of security.

    Refer to the following for more detailed information: https://learn.microsoft.com/en-us/azure/virtual-machines/managed-disks-overview, https://learn.microsoft.com/en-us/azure/virtual-machines/disks-enable-private-links-for-import-export-portal.

    Hope this information helps! Please accept the answer; otherwise, please let us know if you have any further queries. I’m happy to assist you further.


    Please “Accept the answer” and “up-vote” wherever the information provided helps you; this can be beneficial to other community members.

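An added example, not part of the original question or answer: a small audit over `az disk list -o json` output that finds disks still on the default "Enable public access from all networks" setting (`networkAccessPolicy` of `AllowAll`) and ranks unattached ones first, following the distinction drawn in the thread. The function name `audit_disks`, the sample records, and the choice to treat a missing `networkAccessPolicy` field as the default are assumptions of this example.

```python
import json

# Constructed sample shaped like `az disk list -o json` output (not real resources).
VM1 = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-app"
       "/providers/Microsoft.Compute/virtualMachines/vm1")
SAMPLE = [
    {"name": "vm1-osdisk", "resourceGroup": "rg-app",
     "networkAccessPolicy": "AllowAll", "diskState": "Attached", "managedBy": VM1},
    {"name": "orphan-data01", "resourceGroup": "rg-app",
     "networkAccessPolicy": "AllowAll", "diskState": "Unattached", "managedBy": None},
    {"name": "vm2-data", "resourceGroup": "rg-db",
     "networkAccessPolicy": "AllowPrivate", "diskState": "Attached", "managedBy": VM1},
    {"name": "archive-disk", "resourceGroup": "rg-db",
     "networkAccessPolicy": "DenyAll", "diskState": "Unattached", "managedBy": None},
    # Record with no policy field at all; handled as the default (assumption).
    {"name": "legacy-disk", "resourceGroup": "rg-old",
     "diskState": "Unattached", "managedBy": None},
]

# API value -> portal wording quoted in the question.
PORTAL_LABEL = {
    "AllowAll": "Enable public access from all networks",
    "AllowPrivate": "Disable public access and enable private access",
    "DenyAll": "Disable public and private access",
}

def audit_disks(disks):
    """Return findings for disks left on AllowAll, unattached disks first."""
    findings = []
    for d in disks:
        policy = d.get("networkAccessPolicy") or "AllowAll"  # assumption: absent == default
        if policy != "AllowAll":
            continue
        attached = bool(d.get("managedBy"))  # managedBy holds the owning VM id when attached
        findings.append({
            "disk": d["name"],
            "resource_group": d.get("resourceGroup"),
            "setting": PORTAL_LABEL[policy],
            "attached": attached,
            # Unattached + public access is the case the thread calls reachable.
            "severity": "review" if attached else "high",
        })
    findings.sort(key=lambda f: (f["severity"] != "high", f["disk"]))
    return findings

if __name__ == "__main__":
    # For real data: az disk list -o json > disks.json, then json.load() that file.
    print(json.dumps(audit_disks(SAMPLE), indent=2))
```

To run it against a subscription, save the output of `az disk list -o json` to a file and pass the parsed list to `audit_disks` in place of `SAMPLE`.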